Fannie Mae worker tried to nuke servers

A former Fannie Mae IT contractor in the US has been indicted on charges of planting a virus that would have nuked the mortgage agency's computers, caused millions of dollars in damages, and even shut down operations.


How might this have occurred? The
contractor was terminated, but his server privileges were
not.

Rajendrasinh Makwana was indicted this week in the US District Court for Maryland. From early 2006 to October 24, Makwana was a
contractor for Fannie Mae. According to the indictment, Makwana
allegedly targeted Fannie Mae's network after he was terminated.
The goal was to "cause damage to Fannie Mae's computer network by
entering malicious code that was intended to execute on January 31,
2009."

And given that Fannie Mae — along with Freddie Mac — was
nationalised in an effort to stabilise the mortgage market, a
malware intrusion could have caused a good bit of havoc.

Makwana, a contractor with a firm called OmniTech, worked as a
Unix engineer at Fannie Mae's data center in Urbana, Md. He had
root access to all Fannie Mae servers.

The tale of the malware bomb plot is a warning shot to all
security teams and IT departments. Given the level of layoffs
we've seen lately, the ranks of disgruntled former employees are
likely to grow. Is there any company NOT lopping off a big chunk of
its workforce? And some of these workers may even have Makwana's
access privileges and knowledge of the corporate network.

Indeed, Makwana allegedly had intended to do some serious damage
such as "destroying and altering all of the data on all Fannie Mae
servers". That quote from the indictment puts it mildly. According
to the initial complaint against Makwana, the former contractor's
virus "would have caused millions of dollars of damage".

Anyone who logged into the Fannie Mae network on 31 January would
have seen a message "Server Graveyard." Details of Makwana's alleged plot
surfaced in a complaint that was initially sealed to protect the
identity of Fannie Mae. In the complaint, Fannie Mae is referred to
as "ABC," but defined as an outfit that facilitates mortgages. In
a sworn statement, FBI agent Jessica Nye outlined the
following:

(Credit: ZDNet US)

Luckily, the Fannie Mae server scripts were returned to normal
before mortgage chaos ensued. But the errors listed in the
complaint are clear. The biggest problem: Makwana's access wasn't
terminated when he was. He had access to Fannie Mae servers longer
than he should have. Here's a look at the notable excerpts of the
complaint. As you can see there were warning signs and mistakes
made along the way. Emphasis is mine.

(Credit: ZDNet US)

So far so good, right? Makwana screwed up, was terminated, and
had to turn in his gear and access privileges. Well, that last part
didn't go so well.

(Credit: ZDNet US)

The good news is that Makwana's access didn't go on
indefinitely. I've known more than a few people who could access
their former employer's network for months after they left the
company. However, catching the malware script was really a function
of luck.

(Credit: ZDNet US)

There was also some good detective work by the Fannie Mae
security team; the complaint details Makwana's alleged techniques
and script set-up. However, a lot of work could have been
avoided if only Makwana's privileges had been terminated when he
was.
